-
Re: Read-only users in HiveAmr Awadallah 2010-01-21, 09:22
Though that will protect the files, it won't protect the schema (e.g.
the read-only users will still be able to drop the table).
-- amr
On 1/20/2010 9:29 PM, Oscar Gothberg wrote:
> Thanks!
>
> I realized this could also be managed, albeit still clumsily, through
> user/group read/write permissions for the Hive warehouse directory.
>
> / Oscar
>
> On Tue, Jan 19, 2010 at 11:40 PM, Amr Awadallah <[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>> wrote:
>
> HIVE-78 is what we all are waiting for :)
>
> The hack you suggest below should be a valid interim solution,
> just make sure the read-only clients have their own hive-site.xml
> with the proper user/pass for the read only account, e.g.
>
> <property>
> <name>javax.jdo.option.ConnectionUserName</name>
> <value>read-only-user</value>
> </property>
>
> <property>
> <name>javax.jdo.option.ConnectionPassword</name>
> <value>xxxxx</value>
> </property>
>
> see this for more details:
>
> http://wiki.apache.org/hadoop/Hive/AdminManual/MetastoreAdmin
>
> -- amr
>
>
> On 1/13/2010 10:49 PM, Oscar Gothberg wrote:
>
> Hi,
>
> is there a way to set up users with read-only users in Hive,
> so that I can have one user with write privileges that runs
> ETL and updates the warehouse, adds partitions, etc, and one
> or more 'read-only' users that would be able to execute
> SELECTs, etc, but not DDL type statements?
>
> I'd be interested how others out there solve having separation
> between producers that feed and update the data warehouse one
> one hand, and the consumers on the other.
>
> From what I understand Hive doesn't have a lot of multiuser
> support yet (as described in HIVE-78 etc). Maybe one
> possibility could be to have 'read-only' users use a different
> account in the mysql metastore without write privileges, and
> have any DDL statements from such users fail due to metastore
> errors, but hopefully there's a cleaner way?
>
> Thanks,
> / Oscar
>
>
the read-only users will still be able to drop the table).
-- amr
On 1/20/2010 9:29 PM, Oscar Gothberg wrote:
> Thanks!
>
> I realized this could also be managed, albeit still clumsily, through
> user/group read/write permissions for the Hive warehouse directory.
>
> / Oscar
>
> On Tue, Jan 19, 2010 at 11:40 PM, Amr Awadallah <[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]>> wrote:
>
> HIVE-78 is what we all are waiting for :)
>
> The hack you suggest below should be a valid interim solution,
> just make sure the read-only clients have their own hive-site.xml
> with the proper user/pass for the read only account, e.g.
>
> <property>
> <name>javax.jdo.option.ConnectionUserName</name>
> <value>read-only-user</value>
> </property>
>
> <property>
> <name>javax.jdo.option.ConnectionPassword</name>
> <value>xxxxx</value>
> </property>
>
> see this for more details:
>
> http://wiki.apache.org/hadoop/Hive/AdminManual/MetastoreAdmin
>
> -- amr
>
>
> On 1/13/2010 10:49 PM, Oscar Gothberg wrote:
>
> Hi,
>
> is there a way to set up users with read-only users in Hive,
> so that I can have one user with write privileges that runs
> ETL and updates the warehouse, adds partitions, etc, and one
> or more 'read-only' users that would be able to execute
> SELECTs, etc, but not DDL type statements?
>
> I'd be interested how others out there solve having separation
> between producers that feed and update the data warehouse one
> one hand, and the consumers on the other.
>
> From what I understand Hive doesn't have a lot of multiuser
> support yet (as described in HIVE-78 etc). Maybe one
> possibility could be to have 'read-only' users use a different
> account in the mysql metastore without write privileges, and
> have any DDL statements from such users fail due to metastore
> errors, but hopefully there's a cleaner way?
>
> Thanks,
> / Oscar
>
>
